To use Nginx Ingress Controller but NOT LoadBalancer, but controller.kind=DaemonSet with hostNetwork=true. First label the node for nginx:
kubectl label nodes NODE_NAME web-server=nginx
Set values.yaml for helm chart:
controller:
hostNetwork: true
kind: DaemonSet
publishService:
enabled: true
service:
type: ""
resources:
requests:
memory: 100Mi
# fix to one Kubernetes node
nodeSelector:
web-server: nginx
defaultBackend:
resources:
requests:
memory: 100Mi
Deploy stable/nginx-ingress helm chart:
helm install nginx-ingress stable/nginx-ingress -f values.yaml --wait
Allow Firewall on HTTPS Port
That’s done from Kubernetes part. However, we still need DigitalOcean to allow firewall on HTTPS port (firewall note), otherwise connections will just hang.
1. (Conditional) If you don’t already have a https-server firewall rule, create it:
doctl compute firewall create --inbound-rules="protocol:tcp,address:0.0.0.0/0,ports:443" --name=https-server2. Use doctl or DigitalOcean web UI to assign that firewall rule to your chosen DigitalOcean node.
# get droplet ID
doctl compute droplet list
# get firewall ID of https-server: 77190fe0-f14e-4883-9fe0-916ee8be3985
doctl compute firewall list
# add droplets to the firewall
doctl compute firewall add-droplets 77190fe0-f14e-4883-9fe0-916ee8be3985 --droplet-ids 2064306633. Change the DNS A record to point to that node’s External IP address.
WebSockets and SSL Issue
There is a potential issue with Secure WebSockets (wss://) and SSL together with nginx-ingress, and most likely if complicated with a Load Balancer, and a CDN: https://github.com/kubernetes/ingress-nginx/issues/3746.